Welcome to issue #344 May 1st, 2023


Document AI Official Blog

Document AI offers the ability to search and store documents efficiently with Document AI Warehouse - Document AI Warehouse is a fully managed cloud-native service to manage documents and their manually tagged and AI-extracted data in one platform.

Anthos Official Blog

Announcing our Anthos hybrid environment reference architecture - A new reference architecture helps you plan, deploy, and configure the required components when building an Anthos hybrid environment.

Cloud Speech API Official Blog

Announcing Accuracy Evaluation for Cloud Speech-to-Text - In AI, accuracy requires careful testing and tuning—and with Accuracy Evaluation, this task is easier than ever for Google Cloud’s Speech-to-Text API.

GCP Certification Networking Official Blog

Introducing the Advanced Networking Demo video series - A new video series from Google Cloud networking experts, designed to help shed light on complex networking topics, complete with demos.

BigQuery Data Analytics Official Blog

Introducing BigQuery Partner Center — a new way to discover and leverage integrated partner solutions - BigQuery Partner Center lets customers easily discover and try out a diverse range of validated partner solutions from the Cloud Console directly.

Billing Cloud Memorystore Official Blog

Optimize your savings with Memorystore committed use discounts - Committed use discounts for Memorystore allow you to save 40% of the on-demand price and are fungible across both Redis and Memcached instances.

Billing Compute Engine Official Blog SAP

Committed use discounts for RHEL and RHEL for SAP now available on Compute Engine - Committed use discounts (“CUDS”) for Red Hat Enterprise Linux are now available on Compute Engine, delivering up to 24% savings on RHEL subscription costs.

Cloud Run Official Blog Serverless

Serverless for all your needs: Cloud Run jobs and second-generation execution environment now GA - With Cloud Run jobs, time-consuming manual processes can be simplified to scheduled jobs or reduced to a simple command-line operation.

Compute Engine Confidential Computing Official Blog

Oh SNP! VMs get even more confidential - Confidential VMs are now available with even more security protections on general purpose N2D VMs with AMD SEV-SNP technology in private Preview.

Chronicle Official Blog

Introducing AI-powered investigation in Chronicle Security Operations - Chronicle customers will be able to search security events and interact conversationally with the results, all without learning a new syntax or schema.

AI Official Blog Security

Supercharging security with generative AI - At the RSA Conference, we are excited to announce Google Cloud Security AI Workbench, an industry-first extensible platform powered by the specialized LLM Sec-PaLM.

Cloud Security Command Center Official Blog

Introducing AI-powered risk summaries in Security Command Center

AI Official Blog Security

Introducing AI-powered insights in Threat Intelligence - Google Cloud and Mandiant plan to use LLMs to transform threat intelligence and how it is operationalized. Here’s why.

AI Business Official Blog

Google Cloud Startup Summit introduces benefits for AI startups - Google Cloud launches new benefits for AI startups to give them the technology, community and resources they need to build and grow their startup faster, smarter, and cheaper.

Business Official Blog

Announcing the inaugural North American Google for Startups Accelerator: Cloud - Google for Startups Accelerator: Cloud North America program launch.

Infrastructure Official Blog Security

Google named a Leader in Forrester Wave™ IaaS Platform Native Security - Forrester Research has once again named Google Cloud a Leader in The Forrester Wave™: IaaS Platform Native Security, Q2 2023 report. Here’s why.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Confidential Computing Official Blog Security

How Google and Intel make Confidential Computing more secure

Google Kubernetes Engine Kubernetes Security

Securing the access to the Control Plane of a Google Kubernetes Engine (GKE) - How to select and configure Private GKE cluster.

CISO Official Blog Security

Cloud CISO Perspectives: Late April 2023 - For our second newsletter this month, guest author and Mandiant CEO Kevin Mandia discusses the RSA Conference and how external pressures are shaping the current cybersecurity landscape.

Billing Official Blog

6 simple ways to avoid cloud spending stress - Tools, methods and strategies to view, consolidate and optimize your cloud billing data.

Confidential Computing Official Blog

How Confidential Computing can transform cloud security - The next generation of our Confidential Computing VM instances will utilize AMD SEV-SNP technology. Here’s why.

DevOps Kubernetes Python

Build an end-to-end CI/CD pipeline for Flask Application on GCP deployed on GKE - DevOps in Google Cloud Platform (GCP) — Part II.

Apigee Google Kubernetes Engine Kubernetes

APIGEE Overview with GKE - Manage GKE APIs with Apigee.

App Development, Serverless, Databases, DevOps

Cloud Run Eventarc Java

EventArc with Cloud Run - Google Cloud EventArc provides a simple way to act on events generated by a variety of Google Cloud Services.

Networking Official Blog

How to Use Log Analytics in Cloud Logging to gain deeper network insights - Log Analytics in Cloud Logging lets you search and aggregate network logs to find network trends and anomalies, and troubleshoot networking issues.

Cloud Functions Cloud Monitoring

Tutorial: Low Usage Alerting On Slack for Google Cloud Platform (GCP) - Reading monitoring data using MQL and triggering alert with Cloud Function.

Cloud Storage

How to figure out what Google Cloud project a Cloud Storage bucket is in - Getting to know GCP Project ID for Cloud Storage bucket.

Big Data, Analytics, ML&AI

AI Cloud Dataflow IoT

How to balance cost vs performance on Google Cloud - Optimizing a project that works with real-time data.

Data Analytics Official Blog

Built with BigQuery: BigCommerce teams up with Tech Partners to make gathering, analyzing and acting on retail data easy - BigCommerce has teamed up with BigQuery to create a native integration to its ecommerce platform that makes data analysis easier than ever.

Big Data Dataplex

Data Profiling Using Dataplex - It’s your data but profiler knows it better. Let’s find out how?

Cloud Bigtable Cloud Dataproc Cloud Pub/Sub

Stream data from Pub/Sub Lite to Bigtable using Dataproc Serverless - This blog post explains how to stream data from a Pub/Sub Lite to BigTable using Dataproc.


Effortlessly Generate Redemption Codes at Scale with BigQuery - Generating Millions of Unique Redemption Codes with BigQuery: A Step-by-Step Guide.


Creating BigQuery Table Snapshots Dynamically - A table snapshot in BigQuery is a way of preserving the contents of a table, referred to as the base table, at a specific moment in time….

BigQuery Data Science Machine Learning Python

Analysing 260.000 Text Documents - An end-to-end NLP project to find trends and discover topics.

AI Machine Learning PyTorch Vertex AI

Batch/Online Predictions with Pytorch Hugging Face Models on Google Cloud - Build your personalized container that adapts to your needs.

Slides, Videos, Audio

Kubernetes Podcast - #200 Kubernetes Community Check-up, with Paris Pittman.

Security Podcast - #118 RSA 2023 - How to Protect Your Organization from Cyberattacks in Time of Political Turmoil.



AlloyDB - Three metrics tracking node health are available in Preview.

Anthos clusters on bare metal - 1.15: Release 1.15.0. Anthos clusters on bare metal 1.15.0 is now available for download. Version 1.12 end of life: In accordance with the Anthos Version Support Policy, version 1.12 (all patch releases) of Anthos clusters on bare metal has reached its end of life and is no longer supported. Cluster lifecycle: Upgraded from Kubernetes version 1.25 to version 1.26. Functionality changes: Replacing taints and labels. Fixes: Fixed an issue that caused the bmctl reset nodes command to fail if the bmctl-workspace directory was empty. Known issues: For information about the latest known issues, see Anthos clusters on bare metal known issues in the Troubleshooting section. 1.13: Release 1.13.7. Anthos clusters on bare metal 1.13.7 is now available for download. Fixes: The following container image security vulnerabilities have been fixed: CVE-2022-23824, CVE-2022-42331, CVE-2022-42332, CVE-2022-42333, CVE-2022-42334. Known issues: For information about the latest known issues, see Anthos clusters on bare metal known issues in the Troubleshooting section.

Apigee X - Effective May 31, 2023, the default value for the OAuthv2 policy RefreshTokenExpiresIn element has new behavior.

AppEngine Flexible - .NET - .NET 6 is now available in preview.

AppEngine Flexible Go - You can now specify version "1.20" in the runtime_version setting of your app.yaml file.

AppEngine Flexible Ruby - Ruby 3.2 is now available in preview.

AppEngine Standard - The Search API is now available in the App Engine legacy bundled services for second-generation runtimes.

Google Cloud Armor - Google Cloud Armor now supports rate limiting on multiple keys in General Availability.

Batch - Documentation has been added for an overview page that summarizes Batch content including pages, code samples, and videos.

BigQuery - JSON data type mapping is now available for Cloud Spanner federated queries. BigLake and non-BigLake external tables now support Cloud Storage custom dual-regions. Dynamic data masking has been updated to allow masking on RECORD columns that have been set to REPEATED mode. The BigQuery Data Transfer Service for Google Ads supports the new Google Ads API.

BigTable - Cloud Bigtable is not available in the europe-west12 (Turin) region.

Cloud Build - You can now configure Cloud Build to continue executing a build even if specified steps fail.

Certificate Authority Service - v1. General Availability: Certificate Authority Service integrates with Certificate Manager to enable certificate issuance.

Channel Services - You can now set up unified Google Cloud Billing exports for multiple Partner Sales Console accounts.

Cloud Composer - Cloud Composer 2.1.14 and 1.20.12 release started on April 25, 2023. Starting from March 2023, Cloud Composer 1 is in maintenance mode. (Cloud Composer 2) Airflow 2.5.1 is available in Cloud Composer images. (Airflow 2.5.1 and 2.4.3) Per-folder Roles Registration now correctly reassigns permissions if a DAG file is deleted and added back. Cloud Composer 2.1.14 and 1.20.12 images are available: composer-2.1.14-airflow-2.5.1, composer-2.1.14-airflow-2.4.3 (default), composer-2.1.14-airflow-2.3.4, composer-1.20.12-airflow-2.4.3, composer-1.20.12-airflow-2.3.4, composer-1.20.12-airflow-1.10.15.

Compute Engine - Two vulnerabilities (CVE-2023-1017 and CVE-2023-1018) were discovered in Trusted Platform Module (TPM) 2.0. In the Google Cloud console, the Observability tab on the VM instances page for Compute Engine has been enhanced. You can now create regional Persistent Disk volumes when creating a new VM either directly, or through instance templates.

Config Connector - Config Connector version 1.103.0 is now available. Issue in resource PrivateCACAPool to support setting maxIssuerPathLength field as 0. Added support for manual installation in GKE Autopilot. Fixed set blockOwnerDeletion failures for OwnerReferencesPermissionEnforcement enabled clusters (#797). Optimized ratelimiter for IAMPolicyMember controller to make sure new resources get reconciled timely. Resource ArtifactRegistryRepository(v1beta1): Added spec.dockerConfig field. Resource BigQueryDataset(v1beta1): Added spec.defaultCollation field. Resource ComputeInstance(v1beta1): Added spec.scratchDisk.items.size field. Resource ComputeInstanceTemplate(v1beta1): Added status.selfLinkUnique field. Resource ComputeNetwork(v1beta1): Added spec.networkFirewallPolicyEnforcementOrder field. Resource ComputeVPNGateway(v1beta1): Added spec.stackType field. Resource ContainerCluster(v1beta1): Added spec.ipAllocationPolicy.podCidrOverprovisionConfig field. Resource ContainerNodePool(v1beta1): Added spec.networkConfig.podCidrOverprovisionConfig field. Resource PrivateCACAPool(v1beta1): Added spec.issuancePolicy.baselineValues.caOptions.zeroMaxIssuerPathLength field. Resource PrivateCACertificateAuthority(v1beta1): Added spec.config.x509Config.caOptions.zeroMaxIssuerPathLength field. Resource StorageTransferJob(v1beta1): Added spec.transferSpec.objectConditions.lastModifiedBefore field.

Data Fusion - Cloud Data Fusion version 6.8.2 is generally available (GA). Cloud Data Fusion version 6.8.2 fixes an issue in Cloud Data Fusion versions 6.8.0 and 6.8.1 that may cause the following error: Unsupported program type: Spark.

Dataproc Serverless - New Dataproc Serverless for Spark runtime versions: 1.1.12, 2.0.20, 2.1.0-RC8. Dataproc now supports the use of cross-project service accounts. Autoscaler recommendation reasoning details are now available in Cloud Logging logs. Default batch TTL is set to 4 hours for Dataproc Serverless for Spark runtime version 2.1.

Dataproc - New Dataproc Serverless for Spark runtime versions: 1.1.12, 2.0.20, 2.1.0-RC8. Dataproc now supports the use of cross-project service accounts. Autoscaler recommendation reasoning details are now available in Cloud Logging logs. Default batch TTL is set to 4 hours for Dataproc Serverless for Spark runtime version 2.1.

Datastore - count() queries are now supported at the General Availability level.

Cloud Deploy - Google Cloud Deploy now uses Skaffold 2.3 as the default Skaffold version for all target types.

Dialogflow - Dialogflow CX now supports intent import/export and training phrase import.

Document AI - v1.4. Launched the following features to improve the usability of the Document AI Workbench Custom Document Extractor (CDE): CDE now supports an additional 42 global languages.

Cloud Domains - Importing a domain from Google Domains to Cloud Domains is available in GA.

Cloud Firestore - count() queries are now supported at the General Availability level.

Cloud Logging - Version 2.31.0 of the Ops Agent introduces built-in support for log rotation.

Memorystore for Memcached - v1. Added support for Committed use discounts for Memorystore.

Cloud Memorystore - Added support for Committed use discounts for Memorystore.

Cloud Monitoring - Version 2.31.0 of the Ops Agent introduces built-in support for log rotation. The Observability tab on the VM instances page for Compute Engine has been enhanced.

Cloud Run - Cloud Run jobs are now generally available (GA). Starting June 5, 2023, the default generic builder will begin using the Ubuntu 22 LTS base image.

Anthos Service Mesh - Managed Anthos Service Mesh: Three images for managed Anthos Service Mesh are now rolling out and contain a fix for FIPS compliance. The image for 1.16.4-asm.8 is rolling out in the rapid release channel; the image for 1.15.7-asm.8 is rolling out in the regular release channel; the image for 1.14.6-asm.16 is rolling out in the stable release channel. See Select a managed Anthos Service Mesh release channel for more information. 1.17.x: 1.17.2-asm.8 is now available for in-cluster Anthos Service Mesh. 1.16.x: 1.16.4-asm.8 is now available for in-cluster Anthos Service Mesh. 1.15.x: 1.15.7-asm.8 is now available for in-cluster Anthos Service Mesh.

SAP Solutions - Google Cloud's Agent for SAP version 1.4: Version 1.4 of Google Cloud's Agent for SAP is now available.

Cloud Spanner - Two new multi-region instance configurations are now available in North America: nam14 (Northern Virginia/Montréal/South Carolina) and nam15 (Dallas/Northern Virginia/Iowa). The number of indexes per table that Cloud Spanner supports increased from 32 to 128.

Cloud Storage Transfer - Storage Transfer Service now publishes the IP ranges from which it makes requests to your AWS or Azure storage resources when performing a transfer.

Video Stitcher API - Google Ad Manager integration for live and VOD workflows is now generally available (GA). Live configs are now used to create live sessions.

VMware Engine - VMware Engine adds a VPC Service Controls guided opt-in and policy export that enables you to attach VMware Engine services to a new or existing VPC Service Controls perimeter.




Zdenko Hrček
Třebanická 183
Prague, Czech Republic
Phone: +420 777 283 075